Enable HTTPS in Sonarqube with keystore - https

i need to enable https into sonarqube. I already have a keystore (JKS File), but i don't know how do this operation.
thanks!

You need to install a reverse proxy with proper TLS configuration.
Here are some information :
https://docs.sonarqube.org/display/SONAR/Securing+the+Server+Behind+a+Proxy

It might be possible for you to configure it according "Running SonarQube 5.2 Over HTTPS". Please take note for the know limitations:
Because Tomcat is embedded in SonarQube in a "black box" mode, only
few Tomcat parameters can be customised
Otherwise it will be necessary to "Secure the Server Behind a Proxy". In that case:
The reverse proxy must be configured to set the value
"X_FORWARDED_PROTO: https" in each HTTP request header. Without this
property, redirection initiated by the SonarQube server will fall back
on HTTP.

Related

How to manage Proxy in Jmeter

I have to do performance test of a web based application through Jmeter. To connect to the application , I have to be in Client VPN and it has specific proxy to connect. The application will NOT work in Local host..
How to perform this? I tried by running Jmeter from command prompt . Please help .
You can configure JMeter to use proxy in 2 ways:
Command-line
jmeter -H your_proxy_host -P your_proxy_port
Using system.properties (the file lives under "bin" folder of your JMeter installation, add the next lines to it:
http.proxyHost=your_proxy_host
http.proxyPort=your_proxy_port
https.proxyHost=your_proxy_host
https.proxyPort=your_proxy_port
JMeter restart will be required to pick the properties up.
First check that you have the correct proxy parameters like Proxy Server IP/address,port no,username and password.
Then, in the first HTTP Request, click on advanced tab and there you find Proxy server section.
Fill the required information and run the jmeter. Based on the response you can judge where you are able to send the request via proxy or not.
I have used it with proxy server name with username and pwd. For me it worked, by that I means you can try by whatever information you have.
Then, you can set the properties permanently as suggested by Dmitri. Also, it can be set in HTTP Request Default Config.
Check the below link for more information:-
https://jmeter.apache.org/usermanual/component_reference.html#HTTP_Request

How to run sonar analysis when Sonar server is configured over HTTPS

We have a SonarQube server which is by default running on HTTP and 9000 port. We decided to use SonarQube over HTTPS configured using IIS reverse proxy and disable HTTP.
Previously in sonar-scanner.properties,sonar.host.url is configured to run as mentioned below.
sonar.host.url=http://localhost:9000 and now we want to change it to sonar.host.url=https://localhost.
On the browser https://localhost works fine. However when I configure this url in sonar-scanner.properties and try to run the sonar analysis, it says url can not be reached. Could anyone give me some suggestions to fix this issue.
Regards,
Sharieff.
Assign a valid certificate to your website. Using localhost is not the best choice; you should use and configure a valid domain name (https:/mycompany.com for example). On the machine you use to analyse you must update the Java Runtime by registering the certificate associated with this name and maybe also other (root) certificates in the certificate chain. See this blog for all the details. After executing these steps you should be able to upload the analysis to you SonarQube instance.

Play Framework serve HTTPS content

I am a newbie at play, and I am trying at least to use HTTPS on a login and sign up pages in order to have more security on sensitive user data.
I have a range of questions regarding this:
I have configured my play application to use https on the application.conf file with the https.port property. However in my development environment I cant seem to start the server with https capability unless I use the command: play -Dhttps.port=<port>
Why does this happen? I would think that I could use a dev.conf (right now is the application.conf) file in order to do this. Can't I start the server in dev mode while using this kind of settings specified on the configuration file?
Although I start the server with https capabilities, what is the correct way to use https on play? I already created a java key store that I use, and tried to redirect (from a controller) requests to a https url using redirect(securedIndexCall.absoluteURL(request, secure)). But it does not seem to work at least on my dev enviroment (localhost). The logs specify exceptions like:
java.lang.IllegalArgumentException: empty text
java.lang.IllegalArgumentException: invalid version format: M¥å/=<junk characters continue>
Should I use https on the whole application, or just securing the login and sign up requests is sufficient?
I feel the official documentation provided is rather insufficient and I am at a loss here trying to figure out how I should do this.
Any help would be really appreciated!
I agree with Fernando, I think it's easier to set up a front end web server. In my case I used Lighttpd and it was fairly straightforward to set up. I'd recommend:
Configure Lighttpd as per these instructions (at this stage, don't worry about HTTPS just get HTTP working): http://www.playframework.com/documentation/2.3.x/HTTPServer
Then configure HTTPS in Lighttpd: http://redmine.lighttpd.net/projects/1/wiki/HowToSimpleSSL. If you intend on buying an SSL certificate then there will be a few more options to set (e.g. intermediate certificate). The following page has more information: http://redmine.lighttpd.net/projects/1/wiki/Docs_SSL
Answers to your main questions:
1) Enabling HTTPS in Play
Yes, you have to explicitly say you want to use HTTPS when starting up
http://www.playframework.com/documentation/2.3.x/ConfiguringHttps
2) The "java.lang.IllegalArgumentException" error message
There might be an issue with the keystore. This SO article seems to discuss in more detail: Play framework 2.2.1 HTTPs fails on connection attempt
3) SSL for login page or whole app
Personally, I would go for the whole app. If you're taking the time to set up HTTPS I think you might as well cover the whole site. I guess there are slight performance overheads in running HTTPS but realistically it's not something you'd notice.
You should use a front end server for HTTPS, and use HTTPS for the whole application.
Please see Setting up a front end HTTP server and see the commented out nginx settings.

Concerns on SSL config within Websphere Application Server

i'm kind of confused with the SSL setting within Websphere Application Server.
As you can see from the attached picture, the Default SSL setting has been done both in cell and node scope. Below are my qeustions:
is either inbound or outbound data through websphere transfered with SSL way according to the setting?
is the above SSL setting enabled by default? If not, then how to enable it?
in the regard of KeyStore or TrustStore configuration, i can see it refers to path like
${CONFIG_ROOT}/cells/localhostCell01/key.p12
However, i can not find this variable CONFIG_ROOT within Webspehre Variables through Admin Console. Does it mean that SSL is disabled by default so it's ok for this variable having no value?
Thanks in advance
Please see the WebSphere Security Redbook chapter 4 for details - http://www.redbooks.ibm.com/redbooks/pdfs/sg246316.pdf CONFIG_ROOT is a substitution variable, so you should be fine - http://publib.boulder.ibm.com/infocenter/iadthelp/v6r0/index.jsp?topic=/com.ibm.ws.ast.st.v6.doc/topics/tsubvarv6.html. You can test which certificates are enabled using openssl from the command line - http://www.cyberciti.biz/faq/test-ssl-certificates-diagnosis-ssl-certificate/

SoapUI global proxy testings not taken for test execution

I have created a web test project using the SoapUi GUI (free version). I need a proxy to connect to the Internet. Therefore, I have set the proxy host and port in File->Preferences->Proxy Settings and made sure that it is enabled. I know the proxy settings are correct, because I see the "soapUi Starter Page" properly. But to my surprise, these global proxy settings do not seem to be taken when running the web test case (I just configured a HTTP GET for http://www.google.com), and my request always times out.
I have failed to make it work both with version 4.0.1 and with 4.05 beta 1.
Can anyone help me with this?
Thanks
can you try with http://stackoverflow.com?
It seems soapui doesn't handle redirect right.

Resources